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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E<] Responsive to communication(s) filed on 20 March 2007 . 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) £3 Claim(s) 1-68 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 13 Claim(s) 16-21 is/are allowed. 

6) IS| Claim(s) 1-5,12-15 and 22-68 is/are rejected. 

7) E3 Claim(s) 6^/1 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 !)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. Claims 32 and 36 have been amended. Claims 1 - 68 are pending. 

Response to Argument 

2. Applicant's arguments filed 3/20/2007, with respect to the rejection(s) of claim(s) 
have been fully considered and are persuasive. Therefore, the rejection has been 
withdrawn. However, upon further consideration, a new ground(s) of rejection is made 
in view of Arteaga et al. (U.S. 2002/0161826) and Claims 16-21 are allowed. 

Allowable Subject Matter 
Claims 16-21 are allowed. 

Claims 6-1 1 would be allowable if rewritten to include all of the limitations of the 
base claim and any intervening claims. The following is a statement of reasons for the 
indication of allowable subject matter: Prior art does not teach or suggest "determining 
whether at least one encryption rule is associated with the SOAP message; encrypting 
the SOAP message using one or more keys associated with the at least one decryption 
rule when the determining determines that at least one encryption rule is associated 
with the SOAP message". 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 2-4 and 25 - 26 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
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matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. Claims recite "security identifiers" 
which are not disclosed in the instant specification. 

Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1, 5, 12 - 15, 22 - 24 and 27 - 68 are rejected under 35 U.S.C. 102(e) as being 
unpatentable over Arteaga et al. (U.S. Publication Number 2002/0161826). 
Regarding Claims 1 and 23, Arteaga teaches and describes 

receiving a SOAP message; determining whether at least one security rule has been 
defined for the SOAP message, the at least one security rule being defined based on a security 
policy for exchanging SOAP messages between at least one client program and at least one 
server program, and performing at least one security related operation on the SOAP message 
based on the at least one security rule when the determining determines that at least one 
security rule is associated with the SOAP message (paragraph [0092 - 0095]). 

Regarding Claims 27, 38, 56 and 65, Arteaga teaches and describes 

receiving a SOAP message, determining whether at least one rule is associated with the 
SOAP message; collecting data that may be required to evaluate the at least one rule; 

evaluating the at least one rule at least partially based on the collected data, and 
determining whether the SOAP message constitutes a service attack based on the evaluating of 
the at least one rule (paragraph [0092 - 0095]). 
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Regarding Claims 33 and 66, Arteaga teaches and describes 

receiving a SOAP message, determining at least one of: (a) a message type for the 
SOAP message, (b) a sender for the SOAP message, and (c) a recipient for the SOAP 
message, determining whether at least one rule is associated with at least one of the 
message type (a) , the sender (b), and the recipient (c), selecting at least one portion of the data 
which has been collected for at least one of the message type (a) , the sender (b), and the 
recipient (c); evaluating the at least one rule using the selected at least one portion of data; and 
determining whether the SOAP message constitutes a service attack based on the evaluating of 
the at least one rule (paragraph [0092 - 0095, 0107-0108, 0120]). 

Regarding Claims 39 and 52, Arteaga teaches and describes 

identifying a SOAP interface for which publication or access is requested, determining 
whether one or more rules are associated with the SOAP interface, the one or more rules 
describing one or more policies with respect to publication of or access to the SOAP interface, 
evaluating the SOAP interface, and determining whether publication of or access to the SOAP 
interface should be granted based on the evaluating of the SOAP interface (paragraph [0092 - 
0095]). 

Regarding Claim 53 , Arteaga teaches and describes 

(a) identifying a SOAP interface and a WSDL file for the SOAP interface for which 
publication or access is requested, wherein the identifying can be performed by a first person by 
accessing a user interface of a SOAP traffic manager, (b) determining whether one or more 
rules already apply to the SOAP message, the one or more rules describing one or more 
policies with respect to publication of or access to the SOAP interface; wherein the determining 
(b) can be performed by the first person by accessing a user interface to a SOAP traffic 
manager, (c) requesting approval of one or more additional rules for the SOAP message 
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wherein the requesting can be performed by the first person by accessing a user interface to a 
SOAP traffic manager, (d) evaluating the SOAP interface or at least one rule associated with the 
SOAP interface, wherein the evaluating can be performed at least partly by a second person 
who can access the SOAP traffic manager, and wherein the at least one rule can be a pre- 
existing rule or an additional rule, and (e) determining whether the SOAP interface or at least 
one rule associated with the SOAP interface should be approved at least partly based on the 
evaluating, wherein the determining can be performed at least partly by a second person who 
can access the SOAP traffic manager (paragraph [0092 - 0095, 0107-0108, 0120]). 

Claims 5, 24 are rejected as applied about in rejecting Claims 1 and 23. Furthermore, 
Arteaga teaches and describes wherein the method further comprises: determining a message 
type for the SOAP message, and wherein the determining of whether at least one security rule 
is associated with the SOAP message comprises: looking up rules which are associated with 
the message type (paragraph [0092 - 0095]). 

Claims 12-14 are rejected as applied about in rejecting Claim 1. Furthermore, Arteaga 
teaches and describes wherein the at least one security rule includes at least one security rule 
includes at least one signature verification rule; and verifying at least one signature associated 
with the SOAP message per requirements specified by the at least one signature verification 
rule (paragraph [0107-0108]). 

Claim 15 is rejected as applied about in rejecting Claim 1. Furthermore, Arteaga teaches 
and describes wherein at least one portion of the SOAP message is in XML (paragraph [0099]). 

Claims 22, 37, 51 and 64 are rejected as applied about in rejecting Claims 1, 27, 39 and 
56. Furthermore, Arteaga teaches and describes a computer readable medium having computer 
program instructions stored therein for performing the method of claim 1 (paragraph [0157]). 
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Claims 28 and 58 are rejected as applied about in rejecting Claims 27 and 56. 
Furthermore, Arteaga teaches and describes wherein the determining of whether at least 
one rule is associated with the SOAP message comprises at least one of the acts of: 
(a) determining a message type for the SOAP message, (b) determining a sender node for the 
SOAP message, and (c) determining a recipient node for the SOAP message (paragraph 
[0102]). 

Claims 30 and 34 are rejected as applied about in rejecting Claim 27. Furthermore, 
Arteaga teaches and describes wherein the method further comprises: denying service when 
the determining determines that the SOAP message constitutes a service attack (paragraph 
[0102]). 

Claim 35 is rejected as applied about in rejecting Claim 33. Furthermore, Arteaga 
teaches and describes taking remedial action when the determining determines that the SOAP 
message constitutes a service attack (paragraph [0108]). 

Claims 40-44 are rejected as applied about in rejecting Claim 39. Furthermore, Arteaga 
teaches and describes wherein the method further comprises: identifying a WSDL file for the 
SOAP interface (paragraph [0099]). 

Claim 57 is rejected as applied about in rejecting Claim 56. Furthermore, Arteaga 
teaches and describes herein the method further comprises: determining whether at least a 
portion of data of the SOAP message should be considered to evaluate the at east one rule 
when the determining determines that at east one rule is associated with the SOAP message 
(paragraph [0103]). 

Claim 59 is rejected as applied about in rejecting Claim 56. Furthermore, Arteaga 
teaches and describes wherein the at least one rule specifies at least a portion of the SOAP 
message which needs to be considered to evaluate the at least one rule (paragraph [0103]). 
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Claims 61 and 67 are rejected as applied about in rejecting Claims 56 and 66. 
Furthermore, Arteaga teaches and describes wherein the method further comprises: 
taking one or more actions when the determining of whether an action is required determines 
that action is required (paragraph [0103]). 

Claims 62 and 68 are rejected as applied about in rejecting Claims 56 and 66. 
Furthermore, Arteaga teaches and describes wherein the method further comprises: taking one 
or more actions when the determining of whether an action is required determines that action is 
required, and wherein the one or more actions include holding the SOAP message, archiving 
the SOAP message, failing SOAP message delivery, sending a notification, and logging special 
notification (paragraph [0107-0108]). 

Claim 45 is rejected as applied about in rejecting Claim 39. Furthermore, Arteaga 
teaches and describes wherein the evaluating of the SOAP interface is done at least partly 
based on one or more rules associated with the SOAP interface (paragraph [0108]). 

Claim 54 is rejected as applied about in rejecting Claim 39. Furthermore, Arteaga 
teaches and describes wherein the first person is a programmer and the second person is an 
administrator (paragraph [0120]). 

Claim 55 is rejected as applied about in rejecting Claim 39. Furthermore, Arteaga 
teaches and describes wherein the method further comprises: modifying the SOAP interface or 
one or more additional rules for the SOAP interface, wherein the modifying can be performed at 
least partly by a second person who can access the SOAP traffic manager (paragraph [0120]). 

Claim 29 is rejected as applied about in rejecting Claim 27. Furthermore, Arteaga 
teaches and describes wherein the determining of data that may be required to evaluate the at 
least one rule comprises: determining which portion of history of at least one of the message 
type, sender node, and recipient node should be collected (paragraph [0107-0108]). 
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Claim 46 is rejected as applied about in rejecting Claim 45. Furthermore, Arteaga 
teaches and describes wherein the evaluating of the SOAP interface is done at least partly by a 
person (paragraph [0107]). 

Claims 36 and 47 are rejected as applied about in rejecting Claims 35 and 46. 
Furthermore, Arteaga teaches and describes wherein the person is an administrator (paragraph 
[0120]). 

Claim 48 is rejected as applied about in rejecting Claim 47. Furthermore, Arteaga 
teaches and describes wherein the modifying the SOAP interface (paragraph [0095]). 

Claim 49 is rejected as applied about in rejecting Claim 48. Furthermore, Arteaga 
teaches and describes wherein the modifying is performed at least partly by a person 
(paragraph [0195]). 

Claim 50 is rejected as applied about in rejecting Claim 49. Furthermore, Arteaga 
teaches and describes wherein the person is an administrator (paragraph [0120]). 

Claim 31 is rejected as applied about in rejecting Claim 30. Furthermore, Arteaga 
teaches and describes wherein the method further comprises: taking remedial action when the 
determining determines that the SOAP message constitutes a service attack (paragraph 
[0108]). 

Claim 32 is rejected as applied about in rejecting Claim 31. Furthermore, Arteaga 
teaches and describes wherein the one or more remedial actions includes one or more of 
notifying an administrator, holding the SOAP message, making a log entry, invoking a 
programming object, and sending an additional SOAP message (paragraph [0108]). 

Claim 60 is rejected as applied about in rejecting Claim 59. Furthermore, Arteaga 
teaches and describes wherein the method further comprises: gathering at least one portion of 
the SOAP message (paragraph [0092]). 
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Claim 63 is rejected as applied about in rejecting Claim 63. Furthermore, Arteaga 
teaches and describes wherein the SOAP message is held for review by a person (paragraph 

0120). 

Conclusion 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. Although the 
specified citations are representative of the teachings in the art and are applied to the specific 
limitations within the individual claim, other passages and figures may apply as well. It is 
respectfully requested from the applicant, in preparing the responses, to fully consider the 
references in entirety as potentially teaching all or part of the claimed invention, as well as the 
context of the passage as taught by the prior art or disclosed by the examiner. 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See PTO Form 892. 

Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific disclosure. 
If applicants are aware of any better prior art than those are cited, they are required to bring the 
prior art to the attention of the examiner. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Pramila Parthasarathy whose telephone number is 571-272-3866. The 
examiner can normally be reached on 8:00a.m. To 5:00p.m.. If attempts to reach the examiner 
by telephone are unsuccessful, the examiner's supervisor, Nasser Moazzami can be reached 
on 571-232-4195. Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305-3900. 



Application/Control Number: 



Page 10 



10/015,502 
Art Unit: 2136 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR only. For more information about the 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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